Train Series Release Notes


New Features

  • Add ‘dnsmasq_enable_addr6_list’ option support to dhcp agent settings. (See bug: #1861032)

  • The following two new classes have been added, to set up parameters in ovs_driver and sriov_driver section.

    • neutron::plugins::ml2::ovs_driver

    • neutron::plugins::ml2::sriov_driver

  • Add a new configuration option called “ovn_emit_need_to_frag” to the “ovn” section of etc/neutron/plugins/ml2_conf.ini. This new option tells ovn whether it should emit “need to frag” packets in case of MTU mismatch. Before enabling this configuration make sure that its supported by the host kernel (version >= 5.2) or by checking the output of the following command: ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep “Check pkt length action”. Defaults to False.

  • Add new configuration parameter explicitly_egress_direct for ML2 OVS agent When set to True, the accepted egress unicast traffic will not use action NORMAL. The accepted egress packets will be taken care of in the final egress tables direct output flows for unicast traffic so that operators can set customized integration bridge name in l3 agent configuration. This can be enabled on some nodes to prevent flooding on integration bridge.

  • Add support for resource provider bandwidth.

  • The following two parameters have been added to define mapping of bridge name and hyper visor name to locate the parent of the resource provider tree.

    • neutron::agents::ml2::ovs::resource_provider_hypervisors

    • neutorn::agents::ml2::sriov::resource_provider_hypervisors


New Features

  • Added new parameters of_connect_timeout and of_request_timeout in the neutron::agents::ml2::ovs class.

  • Added new parameter neutron::agents::ml2::ovs::of_inactivity_probe.

  • Added new parameter neutron::agents::ml2::ovs::ovsdb_timeout.

Upgrade Notes

  • Switched the default value of the metadata_workers configuration option for the OVN metadata agents to 2 (from $::os_workers). While the OVS metadata agents runs on the controllers/gateway nodes (and defaults to $::os_workers) the OVN metadata agents are distributed and runs on the compute nodes instead so, there’s no point in running dozen of them on each compute. Also, by reducing the number of workers we also reduce the burden on the OVSDB that the OVN metadata agent connects to making OVN more scalable.


Upgrade Notes

  • The deprecated parameter neutron::manage_logging is removed.


New Features

  • Add support for Neutron MLNX agent.

  • This patch introduce parameters which support SSL to connect to OVN_Northbound DB and OVN_Southbound DB. This can be set by: * ‘ovn_nb_private_key’: The PEM file with private key for SSL connection to OVN-NB-DB * ‘ovn_nb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_nb_private_key * ‘ovn_nb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * ‘ovn_sb_private_key’: The PEM file with private key for SSL connection to OVN-SB-DBt, * ‘ovn_sb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_sb_private_key’ * ‘ovn_sb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers

  • Allow users to run the RabbitMQ heartbeat over a native python thread in the oslo.messaging RabbitMQ driver, by using the rabbit_heartbeat_in_pthread option in configuration.

Upgrade Notes

  • The deprecated pki related options check_revocations_for_cached and hash_algorithms option has been removed.


New Features

  • Add support for configuring security group permitted_ethertypes on the Neutron OVS agent.

  • New hieradata, neutron::keystone::authtoken::service_token_roles, is introduced so that specific role can be assigned to the service user who can use service token feature.

  • Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size.

Upgrade Notes

  • The Neutron LBaaS plugin has been removed upstream and is no longer available in the Train release. The following deprecated resources has been removed:

    • neutron::agents::lbaas

    • neutron::config::lbaas_agent_config

    • neutron::server::ensure_lbaas_package

    • neutron::services::lbaas

    • neutron::services::lbaas::haproxy

    • neutron::services::lbaas::octavia

    • neutron_lbaas_agent_config

    • neutron_lbaas_service_config

    Please see the following link for more information on this deprecation:

    You should use the Octavia project to implement LBaaS.


New Features

  • Add openstackclient installation to the client class.

  • Added the ability to configure rpc_response_max_timeout.

Upgrade Notes

  • The default value for neutron::plugins::cisco::keystone_auth_url is changed from to

  • The default value for neutron::plugins::plumgrid::connection is changed from to

  • The default value for neutron::plugins::midonet::keystone_tenant and neutron::plugins::ml2::bigswitch::restproxy::auth_tenant has been changed from ‘service’ to ‘services’.

Deprecation Notes

  • database_idle_timeout is deprecated and will be removed in a future release. Please use database_connection_recycle_time instead.

Bug Fixes

  • As of Queens the neutron-vpn-agent package for Ubuntu is no longer provided and has been replaced with the package python-neutron-vpnaas.

  • On Debian there is no package named openswan and the package that should be installed for VPNaaS is strongswan.